README.md

June 16, 2024 ยท View on GitHub


Statically Compiled Binaries (Packages) for Hysp๐ŸŒท

๐Ÿงฐ Architecture ๐Ÿงฐ๐Ÿ“ฆ Total Packages ๐Ÿ“ฆ๐Ÿ“ Detailed List ๐Ÿ“โฌ Upstream Source โฌ๐Ÿ‡จ๐Ÿ‡ญ WorkFlows ๐Ÿ‡จ๐Ÿ‡ญ
Linux amd // x86_641017x86_64.mdAzathothas/Toolpacks/x86_64๐Ÿ›๏ธ (x86_64)โš™๏ธ Daily ๐Ÿ“ฆ Metadata ๐Ÿ—„๏ธ
Linux aarch64 // arm64753aarch64_arm64.mdAzathothas/Toolpacks/aarch64_arm64๐Ÿ›๏ธ (aarch64_arm64) โš™๏ธ Daily ๐Ÿ“ฆ Metadata ๐Ÿ—„๏ธ
Windows x64 // AMD64158x64_Windows.mdAzathothas/Toolpacks/x64_Windows๐Ÿ›๏ธ (x64_Windows) โš™๏ธ Daily ๐Ÿ“ฆ Metadata ๐Ÿ—„๏ธ
  • Raw metadata containing info for all packages is available as json & toml
  • ./pkgs only contains a couple of test packages. Everything is hosted at : Azathothas/Toolpacks

It is never a good idea to install random binaries from random sources.

  • Check these HackerNews Discussions

Hysp offers the following sane-defaults:

  • CheckSums

Hysp requires either blake3sum / sha256sum in $BINARY_SOURCE.toml & always verifies them to ensure nothing has been tampered with.

  • Transparency

Hysp is completely open-source. And so is the default pkg-source. The upstream repos that it uses as source are also completely open-source. You are free to audit & scrutinize everything.

!# PKG Metadata
# Everything is automated via Github Actions & Scripts
Repo --> https://github.com/metis-os/hysp-pkgs
WorkFlows --> https://github.com/metis-os/hysp-pkgs/tree/main/.github/workflows
Scripts --> https://github.com/metis-os/hysp-pkgs/tree/main/.github/scripts

!# Upstream Source
# Everything is automated via Github Actions & Build Scripts
Repo --> https://github.com/Azathothas/Toolpacks
WorkFlows --> https://github.com/Azathothas/Toolpacks/tree/main/.github/workflows
Build Scripts --> https://github.com/Azathothas/Toolpacks/tree/main/.github/scripts
  • Self-Hostable : Hysp offers you to completely self-host the backend from where it fetches the binaries. If you do not trust the default pkg-source, you can configure hysp to only use your source, hosted on your own servers.
  • A note on hysp allowing http-only sources
  • Hysp will allow you to host your pkg-source repo anywhere & doesn't require http as it uses the checksums to verify the hashes.
  • However, this decision to allow http-only sources is enabled for legacy compatibility reasons or in case you want hysp to use a HTTP_PROXY.
  • Never host both your data/*.toml & source binaries on http-only server. This will expose you to MITM as an attacker could tamper with both the checksums & binaries. Hysp will not be resposible for where you host your binaries or what kind of binaries you run.
  • You hold all responsibilities if you host the PKG Sources yourself.
  • Check this hacker-news discussion: https://news.ycombinator.com/item?id=38457926#38473604

Support ๐Ÿ’Œ

I am a student currently attending university. I like working for Open Source in my free time. If you find my tool or work beneficial, please consider supporting me via KO-FI or ESEWA* (Nepal only), Or by leaving a star โญ ; I'll appreciate your action :)

Everything is license under the MIT except for the packages... They hold their own livess :oOO

Copyright ยฉ 2023 pwnwriter xyz โ˜˜๏ธ